Please make sure you have offline backups
June, 2014, Adam Sarote, Director, Coalfire
This ransomware has hit not only personal computers, but also organizations, including a town in New Hampshire. This particular attack was carried out when an employee opened a seemingly legitimate email attachment, once again reminding us of the ever-present danger of social engineering.
What are Insurers really covering?
May, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist
Across the country, executives and their boards saw the data breaches that occurred at large, well-run retailers and immediately began asking the right questions about their own systems and protections. The challenge for the insurance industry is that the plan for many of these companies seems to be transferring as much risk as possible to insurers, who may not have a full and complete understanding of what they are covering.
What is Your Risk Assessment Worth?
December, 2011, John Rostern, VP, Technology Advisory and Assessment Services
A risk assessment provides your organization with a tool to determine how, where and how much to invest in controls and security over technology. It also serves to document the risk acceptance policy of your organization, as the acceptable level of risk dictates the level of controls to be implemented. It is also a requisite part of legal and regulatory compliance for Sarbanes-Oxley, HIPAA and PCI, among others.
Trust the ‘Cloud’ (just make sure you have it examined first)
April, 2011, Tom McAndrew, EVP Commercial Services, Coalfire
In the wake of Amazon’s Web Service disruption over the past few days, we think it is important to look at the case a little closer.
Compliance and the Cloud
March, 2011, Tom McAndrew, EVP Commercial Services, Coalfire
“The Cloud” is a hot topic right now. Yet most people can’t even define what “the cloud” really is. As I talk to more companies that are considering the move, they all have two main concerns: security and compliance. Of course, security and compliance are key when it comes to cloud computing, but the question you really need to be asking is not, “Will I be secure and compliant if I move to the cloud?” but rather, “What do I need to do to be secure and compliant when I move to the cloud?”